First Trojan To Target WindowsCE PDAs Emerges

The malicious code will let an attacker gain control of the handheld device.

The first backdoor Trojan horse designed to attack Pocket PC PDAs running the WindowsCE operating system has been discovered, several antivirus companies said on Thursday.
The Trojan was named Backdoor.Bardor.A by antivirus firm Symantec and Backdoor.WinCE.Brador.a by antivirus firm Kasperky Labs. Once installed on a Pocket PC device, it allows an attacker to gain control over the device once it is restarted and connected to the Internet.

According to Symantec, an infected handheld device will transmit its IP address through a backdoor, or security hole, over the Internet to the attacker. It will then open a communications channel on port 44299 and await further instructions from the attacker.

Both Symantec and Kaspersky Labs say the backdoor works with handhelds built with the widely used ARM CPU.

Symantec has classified the threat posed by the Trojan as a 1, the lowest ranking on its scale of 1 to 5.

Both Symantec and Kaspersky Labs say they have updated their antivirus signatures to protect customers against this new threat.

Oliver Friedrichs, senior manager of Symantec Security Response, says the Trojan was submitted to Symantec for analysis from one of its virus sample exchange networks. He says the Trojan hasn't been spotted on the Internet yet.

As with all Trojan horses, this one doesn't spread on its own, so PDA users need to be enticed to download the malicious application or open an E-mail attachment that contains it. Says Friedrichs, "Users shouldn't open or execute files from unknown sources."

Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.